rpi-plan
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to read and analyze arbitrary files within a codebase.
- Ingestion points: Workflow Step 1 and Step 2 involve reading user-mentioned files and researching the existing codebase state in the file SKILL.md.
- Boundary markers: The instructions do not define protective boundary markers or instructions for the agent to ignore potentially malicious directions embedded in the source code or documentation it reads.
- Capability inventory: Across the defined workflow, the skill reads from the local file system and writes implementation plans to the rpi/plans/ directory.
- Sanitization: There is no evidence of sanitization, validation, or filtering of content ingested from the codebase before it is processed by the agent.
Audit Metadata